{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T15:15:13.764","vulnerabilities":[{"cve":{"id":"CVE-2021-43805","sourceIdentifier":"security-advisories@github.com","published":"2021-12-07T18:15:07.407","lastModified":"2024-11-21T06:29:49.757","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity."},{"lang":"es","value":"Solidus es una plataforma de comercio electrónico gratuita y de código abierto construida sobre Rails. Las versiones de Solidus anteriores a la 3.1.4, 3.0.4 y 2.11.13 tienen una vulnerabilidad de denegación de servicio que podría ser explotada durante un pedido de invitados. La expresión regular usada para comprender el correo electrónico de un pedido de invitado estaba sujeta a un retroceso exponencial a través de un fragmento como `a.a.` Las versiones 3.1.4, 3.0.4 y 2.11.13 han sido parcheadas para usar una expresión regular diferente. Los mantenedores han añadido una comprobación de las direcciones de correo electrónico que ya no son válidas que imprimirá información sobre los pedidos afectados que se presentan. Si una actualización inmediata no es una opción, se presenta una solución disponible. Es posible editar el archivo \"config/application.rb\" manualmente (con el código proporcionado por los mantenedores en el aviso de seguridad de GitHub) para comprobar la validez del correo electrónico"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*","versionEndExcluding":"2.11.13","matchCriteriaId":"EA9F9CA3-5DF3-4DF8-844C-B4C4E261D09A"},{"vulnerable":true,"criteria":"cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.4","matchCriteriaId":"FCC7D340-52C4-4FB7-810F-4B87ED7A470D"},{"vulnerable":true,"criteria":"cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndExcluding":"3.1.4","matchCriteriaId":"E708A7C2-F76F-45D7-91F5-A6F480295521"}]}]}],"references":[{"url":"https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Third Party Advisory"]},{"url":"https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mitigation","Third Party Advisory"]}]}}]}